A worm affecting older versions of WordPress has been getting lots attention in recent days.  The worm takes advantage of a security flaw that allows it to register a new user, grant itself administrator privileges and wreak havoc with your permalink structure.

The good news is that, if you are running one of the two most recent releases of Wordpress (2.8.4 is the most current), your site is not susceptible to this problem.  As such, there is no specific patch for this vulnerability other than to upgrade to the most current release.

The WordPress Blog has additional details on this worm, as well as an FAQ if you believe your site has been affected.

A security breach at Network Solutions has exposed credit card transactions for more than a half million cardholders.  Malicious software found on their E-Commerce servers transferred transaction and credit card information to servers outside of the company’s control.  Network Solutions resolved this breach began notifying their merchant customers on July 24, 2009.

Read the rest of this entry »

WordPress 2.8.3 was released yesterday to provide a fix for a security related issue that existed in version 2.8.1.  The announcement in the WordPress Blog was short and to the point, indicating that privilege escalation issues were addressed in this release.  Because this release is security related, WordPress highly recommends that users upgrade.

The latest release can be found here.

A recent security exploit affecting mobile phones has been identified that compromises mobile phones by simply receiving SMS or text messages.  While most of the news surrounding this exploit has focused on the iPhone, other popular phones are also at risk.

Read the rest of this entry »